Path: utzoo!attcan!uunet!blackbox!cbradley
From: cbradley@blackbox.lonestar.org (Chris Bradley)
Newsgroups: comp.sys.next
Subject: Re: Protect Sys Accounting?
Summary: Watch out for setuid apps
Keywords: Preferences accounting setuid
Message-ID: <1990Oct25.225417.18191@blackbox.lonestar.org>
Date: 25 Oct 90 22:54:17 GMT
References: <1990Oct25.145031.28374@msuinfo.cl.msu.edu>
Sender: news@blackbox.lonestar.org
Reply-To: cbradley@blackbox.lonestar.org (Chris Bradley)
Followup-To: comp.sys.next
Organization: Businessland Advanced Systems
Lines: 26

In article <1990Oct25.145031.28374@msuinfo.cl.msu.edu> reid@cpswh.cps.msu.edu (Dr Richard J. Reid) writes:
>Through "Preferences", at least, individual students on
>our NeXT's reset and vary things that invalidate the
>system accounting features as given by: ac -p -d.
>
>Does anyone have a scheme to lock individuals out of
>these management-type accesses similar to Unix requiring
>super-user status to reset the system time?
>

Excuse me if this has already been said here, but /NextApps/Preferences
is set (in the 1.0a distribution) to run setuid root; this is what allows
several different non-root userid's on the same cube to be able to set the
time, etc. To disable this "feature," we changed the mode on
/NextApps/Preferences with the following command:

localhost# chmod 755 /NextApps/Preferences

--
Chris Bradley                  | "There are three things which the public will
Businessland Advanced Systems  | always clamour for, sooner or later: namely,
Dallas, Texas US               | Novelty, novelty, novelty."
cbradley@blackbox.lonestar.org | -- Thomas Hood 1799-1845
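
An added example, not part of the original post: a small shell audit that finds files carrying the setuid bit under a directory and, when asked, clears only that bit. The function names and the demo tree are constructed for illustration; the demo files are owned by the current user rather than root.

```shell
#!/bin/sh
# Added example (not from the original post): find setuid files under a
# directory, report them, and optionally clear the bit.
# Function names and the demo tree are constructed for illustration.

# Print every regular file under $1 with the setuid bit (04000) set.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | sort
}

# Succeed only if $1 is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Clear just the setuid bit. "chmod 755", as used in the post, also clears
# it on a file, but overwrites all the other permission bits as well.
clear_setuid() {
    chmod u-s "$1"
}

# usage: audit_tree DIR [fix]
# Print "mode owner path" for each setuid file; with "fix", clear the bit.
audit_tree() {
    dir=$1
    action=${2:-report}
    list_setuid "$dir" | while IFS= read -r f; do
        meta=$(ls -ld "$f")
        owner=$(printf '%s\n' "$meta" | awk '{print $3}')
        printf '%s %s %s\n' "${meta%% *}" "$owner" "$f"
        if [ "$action" = fix ]; then clear_setuid "$f"; fi
    done
}

# Demo on a constructed tree (files are owned by the current user, not root).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$tmp/Preferences"
    printf '#!/bin/sh\n' > "$tmp/Edit"
    chmod 4755 "$tmp/Preferences"   # setuid, like the app in the post
    chmod 755 "$tmp/Edit"           # ordinary executable
    echo "before:"; audit_tree "$tmp" fix
    echo "after:";  audit_tree "$tmp"
    rm -rf "$tmp"
}

if [ $# -eq 0 ]; then demo; else audit_tree "$1"; fi
```

Run with a directory argument, the script only reports; nothing is changed unless `audit_tree` is called with `fix`.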